Bug 92684 - [PATCH] implement --drop-privileges flag
Summary: [PATCH] implement --drop-privileges flag
Status: RESOLVED MOVED
Alias: None
Product: PulseAudio
Classification: Unclassified
Component: daemon (show other bugs)
Version: unspecified
Hardware: Other All
: medium enhancement
Assignee: pulseaudio-bugs
QA Contact: pulseaudio-bugs
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2015-10-26 22:07 UTC by Robert Millan
Modified: 2018-07-30 09:59 UTC (History)
1 user (show)

See Also:
i915 platform:
i915 features:


Attachments
[PATCH] --drop-privileges flag (4.42 KB, text/plain)
2015-10-26 22:07 UTC, Robert Millan
Details

Description Robert Millan 2015-10-26 22:07:45 UTC
Created attachment 119207 [details]
[PATCH] --drop-privileges flag

Hi

I'm writing a PulseAudio module which needs root privileges in order to work. However, currently it can't be used because PulseAudio drops privileges on startup unconditionally.

Please consider the attached patch to implement --drop-privileges flag. This flag can be set to false to disable privilege dropping (marked as "DANGEROUS" for users who know what they're doing).
Comment 1 Arun Raghavan 2015-10-28 05:26:51 UTC
Out of curiosity, what is it that you're doing that needs root privileges?
Comment 2 Robert Millan 2015-10-28 21:18:05 UTC
Audio device driving in user-space. See:

http://hdl.handle.net/2099.1/25316
Comment 3 Tanu Kaskinen 2016-02-26 16:15:58 UTC
Hi Robert! Sorry for taking long with this reply.

To me it seems that running pulseaudio as root is a bad idea for security reasons, and there don't seem to be strong evidence for people actually needing this capability. I'm not sure what kernel interfaces you actually need to access as root, but if it's about accessing some specific node under /dev, wouldn't it be much better to give the "pulse" user access to that device node, instead of giving it access to absolutely everything on the system?
Comment 4 GitLab Migration User 2018-07-30 09:59:39 UTC
-- GitLab Migration Automatic Message --

This bug has been migrated to freedesktop.org's GitLab instance and has been closed from further activity.

You can subscribe and participate further through the new bug through this link to our GitLab instance: https://gitlab.freedesktop.org/pulseaudio/pulseaudio/issues/155.


Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.